Hybrid View

Trojan.JS.Agent.btv

In Google search, I look for images of “Staphylococcus aureus”.
I click on an image.
A popup of the image appears in a window with the web page showing behind the window.
When I click the close in the upper right corner of the image window,
the image window closes and the web page comes forward.
This is good.

However, on an evil site, the popup appears to take over.
Zone Alarm has multiple windows appear.
None of which I can trust since I don’t know if the evil site
is using phony Zone Alarm images.

It is unclear what Zone Alarm should be displaying
so I would know it is a valid Zone Alarm window.
What is the sequence of events we should expect Zone Alarm
to display when Trojan.JS.Agent.btv occurs.

Second question
It is unclear to me how a javascript can download software in the browser.
Supposedly, Java should not allow a download of a virus unless you
authorize it. Is there a technical programming article with coding showing
how it is doing this? It shouldn’t be happening unless there is a bug
in the browser code. What exactly is Trojan.JS.Agent.btv doing.

Re: Trojan.JS.Agent.btv

First question I really didn't get it... sorry

Second question:
There are literally thousands of different variant of Trojan.JS.Agent, hundreds new every few weeks and only for few a description is present. Otherwise malware experts will spend their time in writing virus descriptions.